The CyberWire Daily Briefing 07.28.15
Issues with Android's Stagefright media playback engine, reported yesterday by Zimperium researchers, lead today's news. The Stagefright vulnerability is being called "Heartbleed for Mobile," and could be exploited via MMS requiring no user interaction. The basic problem is said to be Stagefright's "overprivileged" status. Both Silent Circle and Mozilla have patched their Android platforms; Google is expected to push out a fix soon. But in the meantime, see early notes on device protection from LIFARS and Sophos.
A vulnerability in Apple's App Store and iTunes is also reported (by researchers at Vulnerability Lab). Apple has issued a patch.
Symantec publishes a comprehensive report on the "Black Vine" cyberespionage group, watering-hole specialists implicated in the Anthem breach (and several other intrusions at energy, healthcare, and aerospace companies). Symantec connects Black Vine to the Beijing-based IT-security organization Topsec.
PHP File Manager seems "riddled with vulnerabilities," including a backdoor.
Cyphort reports an upsurge in malvertising infections.
New phishing campaigns are targeting Google Drive users, some with persuasive spoofing, reports Elastica.
New York magazine, hacked by some guy who seems to dislike the Big Apple, gets applauded for the resiliency of its response, much enabled by its social media presence.
The diverse vulnerabilities disclosed this week might prompt some reflection on how to handle such discoveries. Contrast Arbor Networks (more mainstream) commentary with Zerodium's (a minority, if arguably defensible, view). Also consider recent disclosures in the light of proposed Wassenaar implementation.
Companies face increasing data breach liability; insurers seek surrogates for historical actuarial data.
Notes.
Today's issue includes events affecting Australia, China, Israel, Pakistan, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Android Stagefright Flaws Put 950 Million Devices at Risk (Threatpost) Vulnerabilities discovered in the Stagefright media playback engine that is native to Android devices could be the mobile world's equivalent to Heartbleed. Almost all Android devices contain the security and implementation issues in question; unpatched devices are at risk to straightforward attacks against specific users that put their privacy, data and safety at risk
Simple Android Hack Leaves 95% Devices Vulnerable (LIFARS Blog) Researchers have discovered a critical vulnerability that may affect nearly all Android devices including phones and tablets. The vulnerability in the Android operating system could potentially allow the attacker to take complete control of the phone
The "Stagefright" hole in Android — what you need to know (Naked Security) The conference circuit can be a competitive arena, especially when there are multiple parallel streams
'Heartbleed for Mobile': Researcher Finds Massive Security Flaw in Android (Updated) (Re/code) Openness is Android's greatest strength — a flexibility that has enabled it to spread to now power four of every five smartphones on the planet
Critical vulnerability in Apple App Store, iTunes revealed (ZDNet) The critical injection vulnerability potentially impacts millions of users
The Black Vine cyberespionage group (Symantec) Black Vine has been actively conducting cyberespionage campaigns since 2012 and has been targeting several industries, including aerospace, energy, and healthcare
Points for consistency, but not for originality (Adaptive Mobile Blog) The use of over-the-top (OTT) messaging services has grown exponentially over the past few years. New data from mobile research specialists, Juniper Research, has found that the overall messaging market will fall in value by $600 million by 2019, while mobile and online messaging traffic will reach 160 trillion per annum by 2019, up from 94.2 trillion this year. Within Ireland alone, over 43% of smartphone owners use OTT applications to connect with friends and family — including Skype, WhatsApp, Viber and Facebook Messenger. Yet while this growth is significant, with it comes an increase in reported cases of spam messages
Over 5,000 mobile apps found performing in-app ad fraud (Help Net Security) Of the $20 billion projected to be spent by advertisers on mobile advertising in 2015, $1 billion will effectively be lost due to in-app ad fraud, warns ad fraud detection and prevention company Forensiq
PHP File Manager Riddled with Vulnerabilities, Including Backdoor (Threatpost) Multiple critical vulnerabilities have existed, some for nearly five years, in PHP File Manager, a web-based file manager used by several high profile corporations
Over 10 million Web surfers possibly exposed to malvertising (IDG via Network World) Upwards of 10 million people may have visited websites carrying malicious advertisements in the last ten days, possibly infecting their computers with malware, according to computer security company Cyphort
Google Drive phishing is back — with obfuscation (CSO) New Phishing attacks are targeting Google users
Phishing Attacks Drive Spike In DNS Threat (Dark Reading) Nearly 75% jump in phishing helped propel DNS abuse in the second quarter of this year
New York magazine demonstrates digital alacrity in face of alleged cyber attack (Poynter) Hours after New York published its powerful cover story containing testimony from 35 women who said they were assaulted by comedian Bill Cosby, the site was unavailable, knocked down by an apparent cyber attack
The state of cyber hacking into cars (BMW Blog) Imagine driving down the highway at 70 mph and then suddenly losing control of certain functions one by one. First, it starts out as the
Is Your Car Broadcasting Too Much Information? (TrendLabs Security Intelligence Blog) Car hacking is a reality the general public will have to deal with. Nothing can be as intrusive and dangerous as strangers taking over your car while you are driving it. Last week, Valasek and Miller's digital car-jacking stunt using 3G connectivity on a Jeep Cherokee's infotainment system illustrated how life-threatening this situation can get. The discovery of the bug has since led to the recall of 1.4 million vehicles. A similar hack — but off-road this time — was also demonstrated a few days after, but this time via digital audio broadcasting (DAB) radio signals
DefCon Hackers Tell How They Cracked Brink's Safe in 60 Seconds (eWeek) Gone in 60 seconds. Security researchers will demonstrate at an Aug. 8 DefCon presentation how they can crack a modern Brink's safe in just a minute
Just a basic low-end mobile phone needed to hack air-gapped computer (Security Affairs) Security researchers from Israel proved that hacking most secure Air-gapped computers that typically are used in sensitive work environments, is possible just via a low end basic phone
A data security guy's musings on the OPM data breach train wreck (Help Net Security) Despite all the media attention to breaches, there is still way too much apathy when it comes to data-centric security. Given the sensitive data the OPM was tasked with protecting, it should have had state-of-the-art data protection, but instead it has become the poster child for IT security neglect. While its dismal security posture is unjustifiable, the people and process challenges that hindered the implementation of appropriate security measures are pervasive
This Website Will Steal Your Photos and Then Hack Your Computer (Fstoppers) The website WallPart (intentionally not linked to) claims to be "the world's largest online shop of posters…with over 10 billion images." What they do not tell you is that their database is filled with stolen and copyrighted images from photographers around the world. If this wasn't bad enough, the Poster Shop might actually be using these images to spam photographers who use their copyright take down form in what might be the most diabolical phishing scam of all time
Gmail is warning (incorrectly) that my newsletter is suspicious (Graham Cluley) Thanks to those folks who have been in touch today and last Friday, letting me know that Gmail was flagging my daily "GCHQ" newsletter as suspicious
Security Patches, Mitigations, and Software Updates
iTunes and AppStore remote exploit fixed by Apple (Naked Security) A serious remote vulnerability has been uncovered in Apple's AppStore and iTunes web applications that posed "a significant risk to buyers, sellers or Apple website managers/developers"
Apple warns of possible data corruption for some MacBook Pros (FierceCIO) The company pushes a patch for owners of the 15-inch MacBook Pro purchased around the middle of this year
Steam's account-stealing password reset bug fixed (Naked Security) Popular gaming platform Steam recently experienced a breach which reportedly allowed attackers to hijack a small number of accounts
Subject: Radio Software Security Vulnerabilities (National Highway Traffic Safety Administration (letter)) This letter serves to acknowledge Chrysler (FCA US LLC)'s notification to the National Highway Traffic Safety Administration (NHTSA) of a safety recall which will be conducted pursuant to Federal law for the product(s) listed below. Please review the following information to ensure that it conforms to your records as this information is being made available to the public. If the information does not agree with your records, please contact us immediately to discuss your concerns
Jeep hacking and the risks posed by the internet of things (Hot for Security) Last week, security researchers Charlie Miller and Chris Valasek did something extraordinary
Cyber Trends
Balancing The Internet of Things (IoT) In The Supply Chain (Forbes) Imagine a world in which you know not only where your cargo is, but whether it's still at the right temperature, whether it was dropped, whether the truck driver braked hard or got stuck in traffic, and exactly who handled it and when. That's the world of the Internet of Things (IoT), and it's here now: providing deep insights and actionable information that boosts efficiency, improves safety and fuels the supply chain. But it also increases risk. According to the World Economic Forum's "Global Risks 2015" report, with the IoT, "There are more devices to secure against hackers, and bigger downsides from failure"
Do Banks Need to Rethink Identity Protection Services? (American Banker) It's been a bad week for identity theft protection services
Most employees don't understand the value of data (Help Net Security) New research from Fujitsu has revealed that only 7% of employees rate their business data higher than their personal information. The results highlight how employees don't understand the value of data with over half (52%) of employees admitting that they value their own data more than their work data. In addition, 43% of employees either somewhat or completely agree that they have no idea of the value of business data
Why Cybersecurity Is So Difficult to Get Right (Harvard Business Review) It seems like hardly a week goes by without news of a data breach at yet another company. And it seems more and more common for breaches to break records in the amount of information stolen. If you're a company trying to secure your data, where do you start? What should you think about? To answer these questions, I talked to Marc van Zadelhoff, VP of IBM Security, about the current state of cybersecurity and the Ponemon Institute's 2015 study of cybersecurity around the world, which IBM sponsored
How complex attacks drive the IT security innovation race (Help Net Security) There's a need for organizations to reduce time to detection (TTD) in order to remediate against sophisticated attacks by highly motivated threat actors, according to the Cisco 2015 Midyear Security Report
Cyber Threats Evolving Too Fast to Keep Up With (Information Security Buzz) New Lieberman Software survey reveals that despite companies employing more IT security staff than ever before, the hackers are still winning
Moving Beyond the Buzzwords (InfoRiskToday) Trend Micro CTO Genes on rethinking security strategy
Treating Health InfoSec as 'Essential' (HealthcareInfoSecurity) Why healthcare leaders need an attitude change
Hong Kong may be part of China, but that hasn't protected it from Chinese hackers (South China Morning Post) Businesses and institutions in Hong Kong are not exempt from attacks by China-linked hacking groups, as experts warn cyber crime in Asia is on the rise
Marketplace
Cyber Claims Landscape: Companies Face Increasing Data Breach Liability (Willis Wire) The cyber risk landscape is rapidly evolving. Governments are facing an unprecedented level of cyber attacks and threats with the potential to undermine national security and critical infrastructure. Similarly, businesses across a wide range of industry sectors are exposed to potentially enormous physical losses as well as liabilities and costs as a result of cyber attacks and data breaches
The View from Davos: Bootstrapping a Cyber Insurance Market (CyVaR Blog) What's your risk? The World Economic Forum has been thinking about the implications of the Internet for the global economy ("a hyperconnected world") and in particular how cyber risks should be managed. Its studies ratify what's become the conventional wisdom — traditional network perimeter defenses are a dead-end, closed off by the unmanageable connectivity of BYOD practices and the Internet of Things — and counsel instead that the proper aim of cyber security is resilience, the ability to operate successfully even while under cyber attack
Simplicity does not mean going it alone in the security market (MicroScope) A lot of focus in the industry is to try and make life easier for customers and great efforts have been made to simplify technology
FireEye Growing But Burning Through Cash (Seeking Alpha) FireEye experienced a solid first quarter to start 2015. The relatively new company is still struggling with cash flows, but strong demand for FireEye's services provides potential for a bright future. Let's take a look at FireEye's recent performance and derive a fair value estimate for shares
Security firm 'guarantees' to pay more than Google does for Chrome exploits (CSO) A newly launched vendor that buys and sells exploits is making a play to corner the world's most dangerous attacks
Hacked Opinions: Vulnerability disclosure — Sam Curry (CSO) Arbor Networks' Sam Curry talks about disclosure, bounty programs, and vulnerability marketing
Spyware for sale: Hacking Team leaks show Australian companies scrambling to cash in on Government surveillance contracts (Australian Broadcasting Corporation) At least four Australian companies have tried to sell a range of controversial spyware and surveillance tools to Australian law enforcement agencies as well as foreign governments, according to emails revealed by WikiLeaks
Sources: Dell considers IPO for SecureWorks cybersecurity unit (Atlanta Business Chronicle) SecureWorks could be headed for an IPO — the second attempt for the Atlanta-based information security provider, according to multiple sources. The IPO would fetch SecureWorks a valuation north of $1 billion
What Does Microsoft's Adallom Buy Bring to its Cloud Security? (The VAR Guy) Microsoft (MSFT) is putting its money where its mouth is when it comes to cloud services, buying Israeli security company Adallom for $320 million, according to a published report, to further bolster security on its Azure platform
The Reasoning Behind Massive Backing for Darktrace (Inside Bitcoins) Darktrace, a cyber security company, backed by Mike Lynch, was recently valued at an estimated 100 million dollars. This was surprising to many as the company has been open for a mere two years, yet it is working with big companies such as Virgin Trains. The reasoning behind Darktrace's success is a mystery to many. However, there is a safe and sound reasoning to the company's success, but first, perhaps we need a little backstory on the creation of Darktrace. Surprisingly, it was created at the University of Cambridge due to their research in the field of Mathematics. Since the moment the algorithm was seen by Andy France, former head of defense at Britain's cyber security agency GCHQ, he quit the agency to be at the helm of the company's development. Now, Darktrace is filled with analysts who used to work for NASA or the GCHQ. This was the first step in defining the success Darktrace would soon receive
Darktrace Joins Prime Minister David Cameron on Official Trade Mission to Asia (PRNewswire) Darktrace will assist the Prime Minister on a trip to promote the United Kingdom as a leader in the field of cyber security
Exabeam Wants To Prevent Another Snowden (CRN) Security vendor Exabeam hit the market in February and in just five months has seen 262 percent of the growth it had projected for all of 2015
A public marketplace for hackers — what could possibly go wrong? (Ars Technica) Nearly a year in, Hacker's List maintains good intentions. Its users on the other hand
CRN Names Waratek Coolest Security Startup of 2015 (BusinessWire) Leading publication for the IT channel singles out runtime application self-protection vendor for bullet proof vest approach to security
EY Announces iSIGHT Partners CEO John Watters as EY Entrepreneur Of The Year® 2015 Award Winner in the Southwest (Digital Journal) EY today announced that John Watters, CEO of iSIGHT Partners, the leading provider of cyber threat intelligence for global enterprises, received the EY Entrepreneur Of The Year® 2015 Award in the Services category in the Southwest region. The award recognizes outstanding entrepreneurs who demonstrate excellence and extraordinary success in such areas as innovation, financial performance and personal commitment to their businesses and communities. John Watters was selected by an independent panel of judges and the award was presented at a special gala event on June 27, 2015
Products, Services, and Solutions
Microsoft to make enterprise security tools available (ComputerWorld) Advanced Threat Analytics and Rights Management Service to be offered next month
SentinelOne Launches First Certified Enterprise Anti-Virus Replacement and Next Generation Endpoint Protection Platform (SentinelOne) SentinelOne today announced SentinelOne EPP (Endpoint Protection Platform), the first and only AV-TEST certified next generation endpoint security solution that combines prevention, detection, mitigation, remediation and forensic capabilities for Windows, OS X and Android devices. AV-TEST, a leading independent anti-virus research institute, has awarded SentinelOne EPP the Approved Corporate Endpoint Protection certification which validates its effectiveness for detecting both advanced malware and blocking known threats. SentinelOne now enables enterprises to replace their existing corporate AV suites and still meet compliance requirements
Terbium Labs Launches the First Data Intelligence System That Instantly Locates Stolen Data on the Dark Web (MarketWired) Matchlight automatically, and with pinpoint accuracy, identifies business-critical data on the dark web — closes the breach detection gap and minimizes the damage, loss and risk caused by a data breach
CyberSponse Enhances Its Security Operations Platform With Customizable Navigation and Advanced Asset Graphs (Sys-Con Media) Improved efficiency and fault tolerance
CYREN Unveils First Mass-Scale Sandbox Service (MarketWatch) Company introduces next generation of sandbox technology with unmatched use of automated logic and a global cloud infrastructure to proactively protect users
SecurEnvoy Launches Security Assessment to Combat the Increased Frequency and Severity of Corporate Security Breaches (WICU 12) SecurEnvoy, the trusted global leader of mobile phone based Tokenless® two-factor authentication (2FA) has launched a unique security assessment for businesses in line with the increased frequency and severity of security breaches across the globe
Dmail promises self-destructing Gmail messages (Naked Security) Google recently promoted its little-known "Undo Send" option for Gmail users: a feature that buys us up to 30 seconds in which we can stop the delivery of whatever e-embarrassment we concocted from escaping into the wild
Technologies, Techniques, and Standards
Why mHealth guidelines are a solid starting point for tool developers (FierceMobileIT) Adam Powell: Technology agnostic guidelines are wise
Finally! A free, open source, on-premise virus scanner framework (Help Net Security) After having spoken about it for quite a while, security researcher Robert Simmons has finally begun publishing the code and documentation of his open source AV scanner framework dubbed PlagueScanner
How to Measure the Return on Investment of Strong Information Governance Processes (LegaltechNews) In order to be effective, information governance must become part of a firm-wide culture of participation and collaboration
The First 24 Hours In The Wake Of A Data Breach (Dark Reading) There is a direct correlation between how quickly an organization can identify and contain a data breach and the financial consequences that may result
ESET: How your business can recover from a hack (IT Brief) Recent high-profile data breaches at the US Office of Personnel Management (OPM), Adult Friend Finder and the European Parliament illustrate criminals' insatiable appetite for data and financial reward
Re-Imagining Breach Defense (InfoRiskToday) Many enterprises believe that they have done everything right, and yet still they are hacked. What more needs to be done to protect against data breaches? Where are the security shortcomings?
Design and Innovation
Beyond the Basics of ICS Security — Getting It Right From the Start (Tripwire: the State of Security) The Internet of Things is gradually but very surely creeping in to impact every sphere of modern life. And that goes as much for people as for business, as much for new industries as for incumbent sectors. This network of physical objects has the ability to play havoc with security and is significantly increasing the challenge of securing Industrial Control Systems (ICSs). Threats to ICSs for players in the utilities, energy and nuclear sectors can have life-threatening consequences
Currently Quantum computers might be where Rockets were at the time of Robert Goddard (nextBIGFuture) There have been comparisons of current quantum computers to classical computers to the Wright Brothers flyer against lighter than air vehicles. The Wright brothers flyers had inferior performance and capabilities to the Zeppelins but eventual later versions would prove more useful and more capable
Cybersecurity firm commissions work of art (Technical.ly Baltimore) Ahead of its upcoming Women in Cybersecurity event, CyberPoint is teaming up with Maryland Art Place to find a piece from a female artist
Academia
Delaware's Cybersecurity Elite Complete Week-long Boot Camp (US Cyber Challenge) U.S. Cyber Challenge (USCC) is proud to announce the winners of the 6th Annual Delaware Cyber Camp competition. Following a week of intensive classroom instruction on a variety of cybersecurity topics, over 60 participants competed in the camp's final activity, the "Capture the Flag" (CTF) competition that took place last Friday morning, July 24th at Delaware Technical Community College in Dover. Those who came out on top and won the competition include Alyssia Bates, Jon Butler, Rauni Kangas and Tim Plimpton
The U.S. government's $1.6M investment in cybersecurity pays dividends for New Mexico (Albuquerque Business First) The U.S. government is investing more than $1.6 million in training future cybersecurity professionals to help protect federal agencies' data. And they're working with New Mexico Institute of Mining and Technology in Socorro to do it
Legislation, Policy, and Regulation
Deradicalisation 'practically impossible': Counter-terrorism expert warns against reforming radicals (Australian Broadcasting Corporation) A leading international counter-terrorism expert from Israel has issued a warning to Australia about the success rate of deradicalisation programs
Pakistan to shut down BlackBerry services by December over 'security' (Reuters) The Pakistani government plans to shut down BlackBerry Ltd's secure messaging services by Dec. 1 for "security reasons", the Pakistan Telecommunication Authority said on Friday
Even former heads of NSA, DHS think crypto backdoors are stupid (Ars Technica) "Requiring people to build a vulnerability may be a strategic mistake"
An Unexpected Voice Speaks Out Against Backdoored Encryption (DefenseOne) Former DHS Secretary Michael Chertoff joins the league of technologists who have come out against the FBI's push to put holes in privacy technology
Cyber Conflict in DOD's Law of War Manual (Just Security) Law of cyber warfare practitioners surely breathed a sigh of relief when they found that only 15 of the 1,176 pages in DOD's new Law of War Manual addressed cyber warfare. DOD appears to have concluded that the law in this area is still developing (or, perhaps, not developing), and that trying to capture it precisely would lead to the creation of a chapter that would soon be irrelevant. As a result, the cyber warfare chapter sticks broadly to the application of the principles of the law of armed conflict to cyber warfare — although it "inconveniently" introduces a new legal concept that seems inconsistent with other sections of the manual
The Scientists and Technologists Who Want To Keep AI Out of Weapons (DefenseOne) Stephen Hawking, Steve Wozniak, and hundreds of others signed an open letter that begged leaders to stop a military robotics arms race
NSA will stop looking at old US phone records (KOIN 6) The program began shortly after the September 2001 terrorist attacks
Statement by the ODNI on Retention of Data Collected Under Section 215 of the USA PATRIOT Act (IC on the Record) On June 29, 2015, the Foreign Intelligence Surveillance Court approved the Government's application to resume the Section 215 bulk telephony metadata program pursuant to the USA FREEDOM Act's 180-day transition provision. As part of our effort to transition to the new authority, we have evaluated whether NSA should maintain access to the historical metadata after the conclusion of that 180-day period
Litigation, Investigation, and Law Enforcement
The insider data hack: A legal perspective (IT Pro Portal) Data security is a critical risk area for businesses of all sizes. Yet one aspect of a company's data security strategy that is often considered in less detail is the threat posed by employees — the insider threat
Cyber insecurity: Hacking back (Financial Times) Companies are seeking to use more aggressive tactics to neutralise hackers. But the law limits how far active defence can go
Lawsuit Raises Cyberespionage Questions for Ethiopian Government (LegaltechNews) The complaint alleges that the government collected information on an ex-patriot who was involved in a political movement to oust incumbents
The Wheels of Justice Turn Slowly (KrebsOnSecurity) On the evening of March 14, 2013, a heavily-armed police force surrounded my home in Annandale, Va., after responding to a phony hostage situation that someone had alerted authorities to at our address. I've recently received a notice from the U.S. Justice Department stating that one of the individuals involved in that "swatting" incident had pleaded guilty to a felony conspiracy charge
Kill Switch Is No Dead Certainty to Stop Phone Theft (Wall Street Journal) California now requires antitheft technology be enabled on new devices, but stolen 'bricked' phones appear
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
3rd Annual Psyber Behavioral Analysis Symposium (Fort Meade, Maryland, USA, Aug 11, 2015) The 3rd Annual Psyber Behavioral Analysis Symposium is hosted by the NSA/CSS Threat Operations Center and the FBI Behavioral Analysis Unit-2/Cyber Behavioral Analysis Center. The goal of the Symposium is to provide U.S. and Second Party Intelligence Communities (IC) a forum to present and collaborate on Human Science-based projects and research. This event attracts a multi-disciplinary government audience from across the IC and Second Party Partner organizations
Intelligence and National Security Summit (Washington, DC, USA, Sep 9 - 10, 2015) AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) are pleased to host the second Intelligence and National Security Summit to provide the platform for this essential discussion. This two-day, unclassified Summit will feature five plenary sessions with top federal agency leaders and policymakers sharing their assessments and priorities for U.S. national, defense and homeland security intelligence. In addition, thought leaders from government, industry and academia will explore emerging issues and solutions related to intelligence policy, cyber threats, and technology and innovation over nine breakout sessions
Cybersecurity Innovation Forum (Washington, DC, USA, Sep 9 - 11, 2015) The 2015 Cybersecurity Innovation Forum is a three-day event hosted by the National Institute of Standards and Technology, and planned with the National Security Agency, and the Department of Homeland Security. This event brings government and industry together to focus on current, emerging, and future challenges, technologies, projects, solutions, and research in trusted computing, security automation, and information sharing
Upcoming Events
Cyber Risk Wednesday: Rethinking Commercial Espionage (Atlantic Council: Brent Scowcroft Center on International Security, Jul 29, 2015) Join the Atlantic Council's Cyber Statecraft Initiative on July 29 from 4:00 p.m. to 5:30 p.m. for a discussion on new ideas on commercial cyber espionage and intellectual property theft
CyberMontgomery 2015 (Rockville, Maryland, USA, Jul 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen other Federal agencies, plus regional State and local agencies, educational institutions (such as Montgomery College, the Universities at Shady Grove, a satellite campus of Johns Hopkins, and the Bethesda-based SANS Institute), plus scores of cyber companies, ranging from start-ups to multinational corporations such as Lockheed Martin, employing upwards of 37,000 people in cyber-related jobs. With cybersecurity constituting a major growth engine in the region for many years to come, and with leading Federal government, industry and academic assets already in place in the region, the annual CyberMontgomery conference serves to bring them together so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. In that light, CyberMontgomery provides clear direction on finding business opportunities, contracting, forecasted demand areas, workforce development, recruiting & staffing, legal responsibilities for businesses, updates on technologies being developed in the County, and summary updates regarding our NCCoE neighbors, federal civilian agencies and commercial sector leaders
Career Discovery in Cyber Security: A Women's Symposium (New York, New York, USA, Jul 30, 2015) Our annual conference brings together some of the best minds in the industry, with the goal of guiding women with a talent and interest in cyber security into top-flight careers
PragueCrunch IV: The Enpraguening (Prague, Czech Republic, Jul 31, 2015) Here it comes, Central Europe: PragueCrunch IV! This annual celebration of all things startup is coming to your town on Friday, July 31, 2015 from 7:00 PM to 11:00 PM (CEST). We'll be holding the event on the terrace at Střelecký Ostrov. If you've been to any of the previous events you'll know it's a good time
Black Hat USA (Las Vegas, Nevada, USA, Aug 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners of all levels (August 1-4) followed by the two-day main event including over 100 independently selected Briefings, Business Hall, Arsenal, Pwnie Awards, and more (August 5-6)
ISSA CISO Forum: Third Party Oversight (Las Vegas, Nevada, USA, Aug 2 - 3, 2015) The CISO Executive Forum is a peer-to-peer event. The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a peer-only environment. Membership is by invitation only and subject to approval. Membership criteria will act as a guideline for approval. Invitations can be made by CISO Members or ISSA Management. Guest, renewing, and new members are all subject to approval
BSides Las Vegas (Las Vegas, Nevada, USA, Aug 4 - 5, 2015) BSides Las Vegas is an Information/Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is no charge to the public to attend BSidesLV. Our costs are covered by our generous donors and sponsors, who share our vision of free dissemination of information. The conversations are getting more potent and the "TALK AT YOU" conferences are starting to realize they have to change. BSidesLV is making this happen by shaking up the format
Defcon 23 (Las Vegas, Nevada, USA, Aug 4 - 7, 2015) DEF CON has been a part of the hacker community for over two decades. See the organization's website for more information
USENIX Security (Washington, D.C., USA, Aug 12 - 14, 2015) The USENIX Security Symposium reunites researchers, practitioners, system administrators, system programmers, and other specialists interested in the latest advances in the security and privacy of computer systems and networks
5th Annual Cyber Security Training & Technology Forum (CSTTF) (Colorado Springs, Colorado, USA, Aug 19 - 20, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter and FBC, Inc. will once again co-host the 5th Annual Cyber Security Training & Technology Forum (CSTTF). CSTTF 2015 will bring together cyber experts from the DoD, federal government, business, research, and academia to address a variety of current cyber topics
Decepticon 2015 (Cambridge, England, UK, Aug 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines, sub-disciplines and countries. To cover the great diversity of approaches to deception research, our scientific committee has members covering several domains
AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, Aug 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker AFB. This is the only Technology Day held at Tinker AFB each year. The annual Technology Day allows exhibitors the opportunity to have access to information technology, communications, cyber, engineering, and contracting personnel at Tinker AFB. Over 300 attendees participated in the 2014 Technology Day and we expect the same level of attendance in 2015
Power Grid Cyber Security Exchange 2015 (San Diego, California, USA, Aug 30 - Sep 1, 2015) The Power Grid Cyber Security Exchange will take a deep dive into the cyber security strategies, innovative approaches and strategic planning necessary to balance the competing priorities of today's technology and information security executives. This program is tailored to utility executives and industry stakeholders that are responsible for addressing threat intelligence, analysis and monitoring; network architecture; and cyber incident response
2015 HTCIA International Conference & Training Expo (Orlando, Florida, USA, Aug 30 - Sep 2, 2015) Bringing together experts from all over the world to share their latest research and techniques related to cybersecurity, incident response and computer forensics
ICFP 2015 (Vancouver, British Columbia, Canada, Aug 31 - Sep 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire spectrum of work, from practice to theory, including its peripheries